Privacy Policy

Last updated: 27 March 2026

This privacy policy is an AI-assisted translation of the Romanian original. In case of any discrepancy, the Romanian version prevails.

This Privacy Policy describes the practices of CIUREA SIMONA MARIA „RALUCA" SOLE PROPRIETORSHIP, Sat Moneasa, Com. Moneasa, No. 167, Arad, Romania, email: vilaralucamoneasa@gmail.com, phone: +40 723 921 885, regarding the collection, use, and sharing of personal data when you use our website (https://vila-raluca.ro/), referred to as the "Service."

This Policy describes how we process personal data for the purposes listed below, on the legal bases indicated in our data processing table. By accessing and using the Service, you understand and agree to the practices described in this policy. If you do not agree, please do not access or use the Service.

We may modify this Privacy Policy at any time without prior notice and will post the revised version and its effective date. The revised policy will take effect 180 days after publication. Access to the Service after this period implies automatic acceptance of the revised policy. We recommend checking this page periodically for updates.

Information We Collect

We collect and process the following information provided by users in connection with accessing and using the Service for booking and accommodation:

Name, date of birth, phone number, address, billing address, email address, stay dates, number of guests, and optional messages.

How We Collect This Information

We collect and process information in the following situations:

1. When opening a new account on the website: No.
2. When you interact with the website: cookies, including Cloudflare, in accordance with our Cookie Policy.
3. On the basis of consent (e.g., newsletter subscription): No.
4. When you contact us directly or through the contact/booking form.
5. When you make a payment: We do not store card data on our server.
6. When you use the AI chat widget "Petrică din Jmelț" — messages are transmitted for AI processing as described below.

How We Use the Information We Collect

We use the information collected for the following purposes: website security, administrative information, reservation processing.

Legal Basis for Data Processing

We process your data on the basis of the following legal grounds under GDPR:

If we intend to use the information collected for any other purpose, we will request your consent beforehand, and only after receiving it will we use it accordingly. The only exception is where use is required or permitted by law.

Who We Share Information With

We will not share personal information collected with third parties without your consent, except in the limited situations below.

• Cloudflare — security, content delivery, and AI Gateway (strictly necessary cookies, exempt from consent). Cloudflare may temporarily log IP address and traffic metadata.
• Web3Forms — booking form processing (data is transmitted to our email address)
• Google Maps — interactive map, activated only at your request (click the "Open map" button)
• Anthropic PBC (USA) — provider of the Claude artificial intelligence model, used by the "Petrică din Jmelț" widget. Messages entered in the chat are transmitted to Anthropic servers for response generation and may be retained for up to 30 days for safety and quality monitoring purposes. Transfer is governed by Standard Contractual Clauses (SCC) adopted by the European Commission. Anthropic does not use your data for model training. Details: anthropic.com/privacy.

We condition any transfer to these third parties on their use of information solely for the purpose for which it was collected and their retention of it only for the agreed period.

We may also share information in the following situations:

1. to comply with legal obligations or enforce court decisions;
2. to demonstrate collection of consent for this Privacy Policy;
3. to respond to complaints regarding third-party rights violations by the Service.

Should our Service or company merge with or be acquired by another company, the information collected will be transferred as an asset to the new owner.

Storage and Retention of Information

We store the information collected for different periods depending on the category and purpose of processing, in accordance with the table above. Except where specific legal obligations exist, we do not retain data longer than necessary.

Detailed retention by category:

• Booking and accommodation data — 5 years from payment date, in compliance with Romanian Tax Code art. 25 (legal obligation to retain accounting documents and evidence of payments).
• Security and IP data — per Cloudflare retention policy (maximum 7 days for logs; session cookies are automatically deleted).
• Messages from AI chat (Petrică) — maximum 30 days at Anthropic; local browser conversations are deleted when the session closes.
• Inquiries via contact form — 12 months from receipt, then permanently deleted.
• Anonymous and aggregated data — may be stored indefinitely for service analysis and improvement.

We may be required to retain certain information for longer periods when a legal obligation mandates it (for example, in case of litigation or investigation). In such situations, data will be retained with your awareness and in compliance with applicable legal frameworks.

Your Rights

Under applicable data protection legislation, you have the right of access to and rectification or deletion of your personal data, the right to receive a copy of your collected data, the right to object to or restrict the processing of certain personal data, and the right to lodge complaints with the competent authority.

You have the ability to object to processing for marketing communications or personalized advertising analysis by modifying settings or by contacting us directly by email.

Please note that certain information collected is necessary for the functioning of the Service, and withdrawal of consent may make it unavailable.

To exercise these rights, contact us at:

Ciurea Simona Maria
Sat Moneasa, Com. Moneasa, No. 167, Arad County, Romania
Email: vilaralucamoneasa@gmail.com
Phone: +40 723 921 885

We will respond to your request within 30 days. If you are not satisfied with our response or believe we have not properly addressed your request, you have the right to lodge a complaint with the National Authority for Personal Data Protection (ANSPDCP):

AI Chat Widget — "Petrică din Jmelț"

Our website includes a virtual assistant called "Petrică din Jmelț," powered by Claude artificial intelligence (Anthropic). It is available as a floating button on all pages and answers questions about accommodation, facilities, prices, and surroundings.

What data is processed: the text of messages you enter in the chat, your IP address, and technical metadata (timestamp, token count). Conversations are not stored on our servers and are deleted from your browser memory when you close or reload the page.

Third-party processors:

• Anthropic PBC (USA) — receives messages for AI response generation. Retention: maximum 30 days, exclusively for safety and quality. USA→EU transfer covered by SCC.
• Cloudflare AI Gateway — intermediary between site and Anthropic, ensures rate limiting and cost monitoring. Traffic logs (including conversation content) are stored for up to 10,000 records, after which the oldest are automatically deleted by rotation.

Data Flow Transparency Note: Messages entered in the chat are first transmitted to our servers (proxy intermediary), which then forward them to Anthropic. Your browser does not connect directly to Anthropic servers — data passes through our infrastructure.
Additionally, the website uses Cloudflare Web Analytics to monitor performance and availability (aggregated statistics, no personal data, no cookies, no user consent required).

Recommendation: Do not enter sensitive personal data in the chat (card number, password, ID number). For bookings, use the dedicated form or contact us directly.

The widget does not use cookies and does not track your behavior on the website.

Cookies

A cookie is a small file sent along with the pages of this website and stored by your browser on your device. The stored information may be retransmitted to our servers on subsequent visits.

This website uses exclusively strictly necessary cookies (technical/functional), placed by Cloudflare for security. These cookies do not require your consent under the ePrivacy Directive and Romanian Law no. 506/2004. We do not use analytics, advertising, or tracking cookies.

You can disable or delete cookies manually from your browser settings. Note that completely disabling cookies may affect the proper functioning of the website.

Security

Data and information security is important to us, and we will implement appropriate security measures to prevent loss, alteration, and unauthorized access. However, given inherent risks, we cannot guarantee absolute security and do not assume responsibility for security breaches beyond our reasonable control.

External Links

The Service may display links to other websites not operated by us. This Privacy Policy is not related to the policies and practices of other websites accessed through links posted on this Service. We recommend that you review the Privacy Policies of any other websites you visit. We have no control and do not assume responsibility for the content or policies of other websites.

Contact

If you have questions or concerns about the processing of personal data collected by us, please contact us at the attention of the Data Protection Officer:

Ciurea Simona Maria
Sat Moneasa, Com. Moneasa, No. 167, Arad County, Romania
Email: vilaralucamoneasa@gmail.com
Phone: +40 723 921 885

We will respond to your request in compliance with the applicable legal provisions in force.